package com.itheima.reggie.filter;

import com.alibaba.fastjson.JSON;
import com.itheima.reggie.common.BaseContext;
import com.itheima.reggie.common.R;
import lombok.extern.slf4j.Slf4j;
import org.springframework.util.AntPathMatcher;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@WebFilter(filterName = "loginFilter")
@Slf4j
public class LoginCheckFilter implements Filter {
    // 这些资源不需要验证，直接放行
    private String[] authUrl = new String[]{
            "/favicon.ico",
            "/employee/login",
            "/employee/logout",
            "/backend/**",
            "/front/**",
            "/common/**",
            "/user/sendMsg",
            "/user/login",
            "/doc.html",
            "/webjars/**",
            "/swagger-resources",
            "/v2/api-docs"
    };

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
//        log.info("LoginCheckFilter");
        log.info("LoginCheckFilter...线程Id:{}",Thread.currentThread().getId());
        //请求与响应
        HttpServletRequest request =(HttpServletRequest) servletRequest;
        HttpServletResponse response =(HttpServletResponse) servletResponse;
        //登录过滤器的逻辑
        String requestURI = request.getRequestURI();
        log.info("请求uri:{}",requestURI);

        if(checkUrl(requestURI)){
            filterChain.doFilter(request,response);
            // 放行之后，千万不能继续执行，一定加retur返回
            return;
        }
        // 其它情况的，就需要判断是否登录过
        //员工登录
        if(request.getSession().getAttribute("employee") != null){
            // 如果session中有值，说明登录过，放行可以访问
            long userId = (long) request.getSession().getAttribute("employee");
            BaseContext.setCurrentId(userId);
            filterChain.doFilter(request,response);
            return;
        }
        // 移动端登录
        if(request.getSession().getAttribute("user") != null){
            // 如果session中有值，说明登录过，放行可以访问
            // 如果登录了，获取用户的ID，放入threadlocal,移动端的UserId
            Long userId = (Long) request.getSession().getAttribute("user");
            BaseContext.setCurrentId(userId);
            filterChain.doFilter(request,response);
            return;
        }
        // 剩下的情况就是未登录
        log.info("未登录....uri:{}",requestURI);
        R<Object> notlogin = R.error("NOTLOGIN");
        // 把对象转JSON串
        String jsonString = JSON.toJSONString(notlogin);
        response.getWriter().write(jsonString);
    }

    //正则匹配
    final AntPathMatcher pathMatcher = new AntPathMatcher();
    private boolean checkUrl(String uri) {
        //返回ture，代表放行
        for (String tmp:authUrl){
            // 这种暂时写法，便于理解
//            if(uri.contains(tmp)){
//                return true;
//            }
            if(pathMatcher.match(tmp,uri)){
                return true;
            }
        }
        return false;
    }
}






